rootsongjc
/
kubernetes-handbook
mirror of https://github.com/rootsongjc/kubernetes-handbook.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubernetes-handbook/practice/flannel-installation.md

128 lines
4.8 KiB
Markdown
Raw Permalink Normal View History

update summary
2021-12-25 21:42:34 +08:00
# 安装 flannel 网络插件
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
update summary
2021-12-25 21:42:34 +08:00
所有的 node 节点都需要安装网络插件才能让所有的 Pod 加入到同一个局域网中,本文是安装 flannel 网络插件的参考文档。
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
update summary
2021-12-25 21:42:34 +08:00
建议直接使用 yum 安装 flanneld除非对版本有特殊需求默认安装的是 0.7.1 版本的 flannel。
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
change highlight to prism
2018-02-20 17:58:16 +08:00
```bash
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
yum install -y flannel
```
update summary
2021-12-25 21:42:34 +08:00
service 配置文件 `/usr/lib/systemd/system/flanneld.service`
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
```ini
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/flanneld
EnvironmentFile=-/etc/sysconfig/docker-network
ExecStart=/usr/bin/flanneld-start \
flannel config update
2018-02-07 15:42:36 +08:00
-etcd-endpoints=${FLANNEL_ETCD_ENDPOINTS} \
-etcd-prefix=${FLANNEL_ETCD_PREFIX} \
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
$FLANNEL_OPTIONS
ExecStartPost=/usr/libexec/flannel/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
```
update summary
2021-12-25 21:42:34 +08:00
`/etc/sysconfig/flanneld` 配置文件:
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
```ini
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
flannel config update
2018-02-07 15:42:36 +08:00
FLANNEL_ETCD_ENDPOINTS="https://172.20.0.113:2379,https://172.20.0.114:2379,https://172.20.0.115:2379"
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
flannel config update
2018-02-07 15:42:36 +08:00
FLANNEL_ETCD_PREFIX="/kube-centos/network"
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
# Any additional options that you want to pass
FLANNEL_OPTIONS="-etcd-cafile=/etc/kubernetes/ssl/ca.pem -etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem -etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem"
```
update summary
2021-12-25 21:42:34 +08:00
如果是多网卡(例如 vagrant 环境),则需要在 FLANNEL_OPTIONS 中增加指定的外网出口的网卡,例如 - iface=eth2
Update flannel-installation.md 增加设置网卡的参数
2017-12-23 15:50:58 +08:00
update summary
2021-12-25 21:42:34 +08:00
**在 etcd 中创建网络配置**
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
update summary
2021-12-25 21:42:34 +08:00
执行下面的命令为 docker 分配 IP 地址段。
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
change highlight to prism
2018-02-20 17:58:16 +08:00
```bash
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
etcdctl --endpoints=https://172.20.0.113:2379,https://172.20.0.114:2379,https://172.20.0.115:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
mkdir /kube-centos/network
etcdctl --endpoints=https://172.20.0.113:2379,https://172.20.0.114:2379,https://172.20.0.115:2379 \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
mk /kube-centos/network/config '{"Network":"172.30.0.0/16","SubnetLen":24,"Backend":{"Type":"vxlan"}}'
```
update summary
2021-12-25 21:42:34 +08:00
如果你要使用 `host-gw` 模式,可以直接将 vxlan 改成 `host-gw` 即可。
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
update summary
2021-12-25 21:42:34 +08:00
**注**:参考[网络和集群性能测试](network-and-cluster-perfermance-test.md)那节,最终我们使用的 `host-gw` 模式,关于 flannel 支持的 backend 模式见 [GitHub](https://github.com/coreos/flannel/blob/master/Documentation/backends.md)。
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
update summary
2021-12-25 21:42:34 +08:00
**启动 flannel**
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
change highlight to prism
2018-02-20 17:58:16 +08:00
```bash
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
systemctl daemon-reload
systemctl enable flanneld
systemctl start flanneld
systemctl status flanneld
```
update summary
2021-12-25 21:42:34 +08:00
现在查询 etcd 中的内容可以看到:
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
```bash
$etcdctl --endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
ls /kube-centos/network/subnets
/kube-centos/network/subnets/172.30.14.0-24
/kube-centos/network/subnets/172.30.38.0-24
/kube-centos/network/subnets/172.30.46.0-24
Update flannel-installation.md 必须指定ca-file,cert-file,key-file,否则会报错: ``` error #0: x509: certificate signed by unknown authority error #1: x509: certificate signed by unknown authority error #2: x509: certificate signed by unknown authority ```
2018-04-23 18:49:34 +08:00
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
$etcdctl --endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/config
{ "Network": "172.30.0.0/16", "SubnetLen": 24, "Backend": { "Type": "vxlan" } }
Update flannel-installation.md 必须指定ca-file,cert-file,key-file,否则会报错: ``` error #0: x509: certificate signed by unknown authority error #1: x509: certificate signed by unknown authority error #2: x509: certificate signed by unknown authority ```
2018-04-23 18:49:34 +08:00
$etcdctl --endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/subnets/172.30.14.0-24
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
{"PublicIP":"172.20.0.114","BackendType":"vxlan","BackendData":{"VtepMAC":"56:27:7d:1c:08:22"}}
Update flannel-installation.md 必须指定ca-file,cert-file,key-file,否则会报错: ``` error #0: x509: certificate signed by unknown authority error #1: x509: certificate signed by unknown authority error #2: x509: certificate signed by unknown authority ```
2018-04-23 18:49:34 +08:00
$etcdctl --endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/subnets/172.30.38.0-24
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
{"PublicIP":"172.20.0.115","BackendType":"vxlan","BackendData":{"VtepMAC":"12:82:83:59:cf:b8"}}
Update flannel-installation.md 必须指定ca-file,cert-file,key-file,否则会报错: ``` error #0: x509: certificate signed by unknown authority error #1: x509: certificate signed by unknown authority error #2: x509: certificate signed by unknown authority ```
2018-04-23 18:49:34 +08:00
$etcdctl --endpoints=${ETCD_ENDPOINTS} \
--ca-file=/etc/kubernetes/ssl/ca.pem \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
get /kube-centos/network/subnets/172.30.46.0-24
add seperate flannel installation doc
2017-12-19 17:57:21 +08:00
{"PublicIP":"172.20.0.113","BackendType":"vxlan","BackendData":{"VtepMAC":"e6:b2:fd:f6:66:96"}}
```
update summary
2021-12-25 21:42:34 +08:00
如果可以查看到以上内容证明 flannel 已经安装完成,下一步是在 node 节点上安装和配置 docker、kubelet、kube-proxy 等,请参考下一节[部署 node 节点](node-installation.md)。